Denial of Service Attacks


Objectives 


• Explain how denial of service attacks work


• Differentiate the different kinds of denial of service attacks


• Summarize defenses to denial of service attacks


Definition 


• A denial-of-service attack is an attack on the availability of a service by blocking or overwhelming communication or resources to that service.


• From NIST: “An action that prevents or impairs the authorized use of networks, systems, or applications by exhausting resources such as central processing units (CPU), memory, bandwidth, and disk space.”


What are resources? 


• Network Bandwidth - in most cases
• System Resources - CPU, Memory
• Application Resources - web server, DNS server, etc.


Common DoS Attacks - Ping attack 


• What is it: Pings the server to initiate a response


• How is it carried out: Multiple pings either overwhelm the server or overwhelm the connection


• How to possibly prevent: Disable ping replies or responses either in software on the server or through firewall rules


• Other notes: This is an older style of attack


Common DoS Attacks - SYN 


• What is it: Sends a half open SYN packet to the server


• How is it carried out: Multiple half open queries overwhelm software resources - typically through open sessions


• How to possibly prevent: Session timeout rules


• Other notes: This is a very effective attack, but most operating systems can handle it.
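To make concrete why half open connections exhaust resources and how a session timeout rule limits the damage, here is an added example (not from the original slides) that models a server's half-open connection table in Python. The capacity, timeout and addresses are constructed assumptions for illustration, not figures from any real TCP stack.

```python
from typing import Optional

class HalfOpenTable:
    """Model of a server's half-open (SYN_RECEIVED) connection table.
    Each SYN reserves a slot until the handshake completes or the entry
    ages out; without a timeout, abandoned handshakes hold slots forever.
    Illustrative model only, not a real operating-system TCP stack."""

    def __init__(self, capacity: int, timeout: Optional[float]):
        self.capacity = capacity
        self.timeout = timeout            # None = no session timeout rule
        self.entries = {}                 # (src_ip, src_port) -> arrival time
        self.refused = 0                  # SYNs turned away because table was full

    def expire(self, now: float) -> int:
        """Drop half-open entries older than the timeout; return how many."""
        if self.timeout is None:
            return 0
        stale = [k for k, t in self.entries.items() if now - t >= self.timeout]
        for k in stale:
            del self.entries[k]
        return len(stale)

    def on_syn(self, src: tuple, now: float) -> bool:
        """Handle an incoming SYN; True if a slot was reserved (or already held)."""
        self.expire(now)
        if src in self.entries:           # retransmitted SYN keeps its slot
            return True
        if len(self.entries) >= self.capacity:
            self.refused += 1
            return False
        self.entries[src] = now
        return True

    def on_ack(self, src: tuple) -> None:
        """Final handshake packet: connection is established, free the slot."""
        self.entries.pop(src, None)

def simulate(timeout: Optional[float], capacity: int = 64, abandoned: int = 200):
    """Constructed scenario: `abandoned` SYNs that never complete arrive over
    the first two seconds, then a legitimate client tries at t=5s and t=35s.
    Returns (accepted at 5s, accepted at 35s, entries left in the table)."""
    table = HalfOpenTable(capacity, timeout)
    for i in range(abandoned):           # 198.51.100.0/24 is a documentation range
        table.on_syn(("198.51.100.7", 40000 + i), now=i * 0.01)
    first = table.on_syn(("192.0.2.10", 51000), now=5.0)
    second = table.on_syn(("192.0.2.10", 51001), now=35.0)
    return first, second, len(table.entries)
```

With no timeout the table stays full and the legitimate client is refused both times; with a 30 second timeout the stale entries age out before the second attempt, so the server recovers on its own.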


Common DoS Attacks - Other flooding


• What is it: Sends various requests to overwhelm resources


• How is it carried out: Whether the attack succeeds depends on what software is on the other side


• How to possibly prevent: Application memory handling, other firewall rules


Common DoS Attacks - Reflection or Recursion


• What is it: Sends requests on behalf of another system


• How is it carried out: Server asks another server that isn’t well protected to ask something on behalf of it


• How to possibly prevent: Disable recursion or at least lock down recursion to inside the network.


• Could be DNS or NTP


Defenses 


• There are really no good defences other than firewall or operating system rules


• If enough traffic is generated, your systems will go down


• Developing a good plan is best


• Make sure you contact your upstream provider; they can help


• Backups?


